■ $600 Billion 

■ 90% of population has coverage 

■ 4.1 billion mobile users 

But has GSM been properly tested? 



Outline of this talk 
■ GSM security 

■ Attacks 

■ Conclusion 
Some important identifiers 



■ IMSI 

■ IMEI 

■ Phone number 

■ Secret key: Ki 
IMSI, Ki, A3, A8 

IMSI -> (Ki, A3, A8) 
RAND = Random 

Kc := A8(Ki, RAND) 
GSM Encryption 
Attacks 



Attack 1: Eavesdropping 



Eavesdropping on GSM 



1. Capture bursts 

2. Decrypt captured bursts 

3. Interpret decrypted bursts 



3: Interpret decrypted bursts 



You have several options here: 

• GSMDecode (AirProbe) 

• Wireshark 

• OpenBTS/OpenBSC 



2: Decrypt captured bursts 

the Kraken! 




Breaking A5/1 



■ Reverse engineered in 1994 

■ Academic breaks 

■ Time-Memory-Trade-Off attacks 

■ Currently: 

• Berlin set & Kraken 



Using Kraken 



1. Capture a burst 

2. "Guess" contents 

3. Compute keystream 

4. Look up corresponding session key 



1: Capture burst 

USRP + GNU Radio + AirProbe 




The Um interface 






Frequency band 






An example cell 




No Frequency hopping 





Frequency hopping 
Message Sequence 

Paging 
Request channel 
Assign channel 
exchange info 
Start Ciphering 
Ciphering started 
exchange info 
Assign speech channel 
Conversation 
Hopping Problem 
Attack 2: the MITM attack 



The Man-In-The-Middle Attack 

Paging 
Request channel 
Assign channel 
exchange info 
Start Ciphering 
Ciphering started 
exchange info 
Assign speech channel 
Conversation 
The Man-In-The-Middle Attack 

Start Ciphering A5/2 
Ciphering started 
Start Ciphering A5/x 
Ciphering started 
exchange info 
Assign speech channel 
Conversation 



The Man-In-The-Middle Attack 



Ingredients: 

■ BTS: OpenBTS / OpenBSC 
■ Phone: OsmocomBB 

Problems: 

■ Hopping problem 
■ Time window 

■ Detectable 



MITM the easy way 



Just link OpenBTS to Asterisk 



Downsides: 

• No incoming calls 

• Calling number obscured 

Upside: 

• It already works 



Yet another way 



A sort of hybrid attack between MITM and eavesdropping 



1. Capture challenge 

2. Capture conversation 

3. Fake BTS attack with challenge 



Some other attacks 



Other attacks 



■ IMSI catchers 

■ Attacks on other parts of the network 
• Nokia 1100 

■ Locations revealed 

■ DoS attacks 



There's hope still 



GSM was 2G 

3G uses mutual authentication 

4G might use AES 
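Toy model of the challenge/response on the IMSI, Ki, A3, A8 slide, showing why the fake-BTS cipher downgrade and the replayed-challenge hybrid attack work against it, and how the mutual authentication that 3G adds stops a BTS that does not know Ki. This is an added example, not code from the talk; A3, A8 and the network token are constructed HMAC stand-ins, and the IMSI and Ki are made-up test values.

```python
import hmac
import hashlib
import os
# Constructed stand-ins for the operator-specific A3 (32-bit SRES) and A8 (64-bit Kc).
def a3(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]
def a8(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def network_token(ki, rand):
    """Hypothetical 3G-style AUTN: proof that whoever sent RAND knows Ki."""
    return hmac.new(ki, b"AUTN" + rand, hashlib.sha256).digest()[:8]

class Phone:
    """Mobile station holding IMSI and Ki; mutual=True enables the network check."""
    def __init__(self, imsi, ki, mutual=False):
        self.imsi, self.ki, self.mutual = imsi, ki, mutual
        self.kc, self.cipher = None, None

    def authenticate(self, rand, autn=None):
        """Answer a challenge with SRES, or None if the network is rejected."""
        if self.mutual and (autn is None or not hmac.compare_digest(
                autn, network_token(self.ki, rand))):
            return None              # network could not prove it knows Ki
        self.kc = a8(self.ki, rand)  # Kc := A8(Ki, RAND)
        return a3(self.ki, rand)

    def ciphering_mode(self, algorithm):
        """A GSM phone obeys whichever 'Start Ciphering' algorithm the BTS sends."""
        if self.kc is None:
            return False
        self.cipher = algorithm
        return True

def home_network_session(phone, hlr, rand=None, algorithm="A5/1"):
    """Real network: HLR maps IMSI -> Ki, SRES is checked, then a cipher is set."""
    ki = hlr[phone.imsi]
    rand = rand or os.urandom(16)
    if phone.authenticate(rand, network_token(ki, rand)) != a3(ki, rand):
        return None
    phone.ciphering_mode(algorithm)
    return phone.cipher

def rogue_bts_session(phone, replayed_rand):
    """BTS without Ki: replays a recorded RAND (same Kc results), commands A5/2."""
    if phone.authenticate(replayed_rand) is None:
        return None              # only the mutual-auth phone refuses
    phone.ciphering_mode("A5/2")
    return phone.cipher
```

With a plain GSM phone the replayed RAND yields the very Kc that protected the recorded call, and the downgrade to A5/2 is accepted; the mutual-auth phone rejects the rogue challenge and keeps its A5/1 session.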



What can you do now? 



GSM will be around for a long time. 

■ Use solely 3G 

■ Use crypto solutions 



Conclusions 



Conclusion 



■ Eavesdropping, full-MITM and hybrid still need work 

■ Easy-MITM works 

■ Many other attacks are possible 



...Besides 



The weakest link is probably your phone! 
See The Monkey Steals the Berries 